Hi devs, Working on LUCENE-5143 I’m revising the README.html files we place in the dist folders. Then I started documenting how to validate checksum of the downloads in addition to GPG signature, Looks like MD5 can still be used for integrity checks (https://en.wikipedia.org/wiki/MD5), while the Ant guys claim otherwise in https://ant.apache.org/manual/Tasks/checksum.html Will our .md5 and .sha1 files still provide security for the downloader after Google releases their recent findings or are they only useful to check that the download was complete and not partial?
-- Jan Høydahl, search solution architect Cominvent AS - www.cominvent.com --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
